CVE-2026-5281
Google Dawn Use-After-Free Vulnerability - [Actively Exploited]
Description
Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
INFO
Published Date :
April 1, 2026, 5:16 a.m.
Last Modified :
April 2, 2026, 1:16 p.m.
Remotely Exploit :
Yes !
Source :
[email protected]
CISA KEV (Known Exploited Vulnerabilities)
For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.
Google Dawn contains an use-after-free vulnerability that could allow a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. This vulnerability could affect multiple Chromium-based products including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Unknown
This vulnerability affects an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. For more information, please see: https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_31.html ; https://nvd.nist.gov/vuln/detail/CVE-2026-5281
Affected Products
The following products are affected by CVE-2026-5281
vulnerability.
Even if cvefeed.io is aware of the exact versions of the
products
that
are
affected, the information is not represented in the table below.
CVSS Scores
| Score | Version | Severity | Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|---|
| CVSS 3.1 | HIGH | 134c704f-9b21-4f2e-91b3-4a467353bcc0 |
Solution
- Update Google Chrome to version 146.0.7680.178 or later.
- Apply vendor patches when available.
Public PoC/Exploit Available at Github
CVE-2026-5281 has a 9 public
PoC/Exploit available at Github.
Go to the Public Exploits tab to see the list.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2026-5281.
| URL | Resource |
|---|---|
| https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_31.html | Vendor Advisory |
| https://issues.chromium.org/issues/491518608 | Issue Tracking Permissions Required |
| https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-5281 | US Government Resource |
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2026-5281 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2026-5281
weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Standalone offline browser for the CISA Known Exploited Vulnerabilities (KEV) catalog. No server, no install — open in any browser.
Python HTML
Variant analysis, open-sourced. Feed a CVE patch, find every structural twin across your codebase. 6-stage pipeline: patch ingestion, LLM signature extraction, embedding search, Joern CPG slicing, LLM feasibility reasoning, SARIF reporting.
appsec bug-hunting code-analysis cpg cve joern llm rust sarif security static-analysis tree-sitter variant-analysis vulnerability-detection
Rust Dockerfile Shell Ruby
CVE-2026-5281 (Chrome Dawn WebGPU UAF) analysis, lab validation tools, and reproducible environment for vulnerable vs patched builds.
google-chrome cve-2026-5281 browser-exploitation
Python HTML
Security Tracker
Python
Chrome WebGPU Use-After-Free (CWE-416) This toolkit is for security research and defensive verification around CVE-2026-5281. Patched Chrome version: 146.0.7680.178 Potentially vulnerable versions: anything below 146.0.7680.178
Python
For developers, researchers, students, and builders: a free, open-source security intelligence aggregator that tracks CVEs, threat intel, and breaking security news in real time, from 17 sources — NVD, CISA, Unit 42, SANS, Schneier, and more — into one encrypted local database you control. — privately, locally, on your machine.
cve cybersecurity cybersecurity-education cybersecurity-tools mitre-attack portfolio portfolio-project python security-intelligence sqlite threat-detection threat-intelligence vulnerability-detection vulnerability-management vulnerability-scanners security-tools
Python Shell
DSA and DLA for Debian last 14 days
Python
None
Python
📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.
security cve exploit poc vulnerability
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2026-5281 vulnerability anywhere in the article.
-
The Hacker News
Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet
Threat actors are exploiting security flaws in TBK DVR and end‑of‑life (EoL) TP-Link Wi-Fi routers to deploy Mirai-botnet variants on compromised devices, according to findings from Fortinet FortiGuar ... Read more
-
The Hacker News
Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched
Huntress is warning that threat actors are exploiting three recently disclosed security flaws in Microsoft Defender to gain elevated privileges in compromised systems. The activity involves the exploi ... Read more
-
The Hacker News
Apache ActiveMQ CVE-2026-34197 Added to CISA KEV Amid Active Exploitation
A recently disclosed high-severity security flaw in Apache ActiveMQ Classic has come under active exploitation in the wild, per the U.S. Cybersecurity and Infrastructure Security Agency (CISA). To tha ... Read more
-
The Hacker News
ThreatsDay Bulletin: Defender 0-Day, SonicWall Brute-Force, 17-Year-Old Excel RCE and 15 More Stories
You know that feeling when you open your feed on a Thursday morning and it's just... a lot? Yeah. This week delivered. We've got hackers getting creative in ways that are almost impressive if you igno ... Read more
-
The Hacker News
Cisco Patches Four Critical Identity Services, Webex Flaws Enabling Code Execution
Cisco has announced patches to address four critical security flaws impacting Identity Services and Webex Services that could result in arbitrary code execution and allow an attacker to impersonate an ... Read more
-
The Hacker News
Actively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover
A recently disclosed critical security flaw impacting nginx-ui, an open-source, web-based Nginx management tool, has come under active exploitation in the wild. The vulnerability in question is CVE-20 ... Read more
-
The Hacker News
April Patch Tuesday Fixes Critical Flaws Across SAP, Adobe, Microsoft, Fortinet, and More
A number of critical vulnerabilities impacting products from Adobe, Fortinet, Microsoft, and SAP have taken center stage in April's Patch Tuesday releases. Topping the list is an SQL injection vulnera ... Read more
-
The Hacker News
Google Adds Rust-Based DNS Parser into Pixel 10 Modem to Enhance Security
Google has announced the integration of a Rust-based Domain Name System (DNS) parser into the modem firmware as part of its ongoing efforts to beef up the security of Pixel devices and push memory-saf ... Read more
-
Daily CyberSecurity
Hijacking the Soundboard: Critical 9.8 RCE Flaws Hit Ubiquiti UniFi Play Audio
Ubiquiti has issued an urgent security advisory for its UniFi Play audio lineup, addressing a suite of vulnerabilities that could allow attackers to seize total control of network-connected amplifiers ... Read more
-
Daily CyberSecurity
Critical 9.9 Alert: SAP’s April 2026 Patch Day Targets Major SQL Injection
SAP has marked its latest monthly security update with the release of 19 new security notes and one update to a previously issued advisory. This month’s “Patch Day” is highlighted by a critical severi ... Read more
-
The Hacker News
ShowDoc RCE Flaw CVE-2025-0520 Actively Exploited on Unpatched Servers
A critical security vulnerability impacting ShowDoc, a document management and collaboration service popular in China, has come under active exploitation in the wild. The vulnerability in question is ... Read more
-
The Hacker News
CISA Adds 6 Known Exploited Flaws in Fortinet, Microsoft, and Adobe Software
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added half a dozen security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitatio ... Read more
-
Daily CyberSecurity
VPN Security Alert: Synology Patches Flaws in SSL VPN Client
Synology has released an essential security update for its SSL VPN Client utility, addressing two “Important” severity vulnerabilities that could lead to sensitive data exposure and unauthorized traff ... Read more
-
Daily CyberSecurity
Industrial Key Leak: Critical 9.3 CVSS Flaws Expose Mitsubishi’s GENESIS64 and ICONICS Suite
A new advisory from Mitsubishi Electric Corporation, released on April 7, 2026, has disclosed that multiple information disclosure, tampering, and Denial-of-Service (DoS) vulnerabilities exist in GENE ... Read more
-
Daily CyberSecurity
Critical SSRF Flaw Discovered in Axios – CVE-2025-62718 (CVSS 9.3)
In the complex architecture of modern web applications, the difference between a secure internal request and a data leak can sometimes come down to a single character. Security researchers have uncove ... Read more
-
Daily CyberSecurity
Log4j’s “Silent” Security Gap: New Advisories Warn of Data Loss and TLS Bypasses
The Apache Log4j 2 ecosystem is facing a fresh wave of security concerns as four new vulnerabilities have been disclosed, highlighting critical flaws in how the library handles data sanitization and i ... Read more
-
Daily CyberSecurity
Apache ActiveMQ Patches “OOM” and MQTT Protocol Flaws
Apache ActiveMQ, a cornerstone of multi-platform application integration, has released critical updates to address vulnerabilities that could lead to widespread service disruptions. The disclosures hi ... Read more
-
Daily CyberSecurity
Triple Security Advisory Prompts Immediate Upgrade to Apache OpenMeetings Version 9.0.0
Apache OpenMeetings, the open-source suite providing video conferencing, instant messaging, and collaborative document editing, is facing a series of security disclosures that highlight risks to user ... Read more
-
The Hacker News
⚡ Weekly Recap: Fiber Optic Spying, Windows Rootkit, AI Vulnerability Hunting and More
Monday is back, and the weekend’s backlog of chaos is officially hitting the fan. We are tracking a critical zero-day that has been quietly living in your PDFs for months, plus some aggressive state-s ... Read more
-
Daily CyberSecurity
High-Severity RCE and XSS Vulnerabilities Patched in Apache Storm 2.8.6
Apache Storm, the distributed realtime computation system known for processing unbounded streams of data, has released a critical security update. Version 2.8.6 addresses two significant vulnerabiliti ... Read more
The following table lists the changes that have been made to the
CVE-2026-5281 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
Modified Analysis by [email protected]
Apr. 02, 2026
Action Type Old Value New Value Added Reference Type CISA-ADP: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-5281 Types: US Government Resource -
CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0
Apr. 01, 2026
Action Type Old Value New Value Added Reference https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-5281 -
Initial Analysis by [email protected]
Apr. 01, 2026
Action Type Old Value New Value Added CPE Configuration AND OR *cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* versions up to (excluding) 146.0.7680.177 OR cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:* Added Reference Type Chrome: https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_31.html Types: Vendor Advisory Added Reference Type Chrome: https://issues.chromium.org/issues/491518608 Types: Issue Tracking, Permissions Required -
CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0
Apr. 01, 2026
Action Type Old Value New Value Added CVSS V3.1 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H -
New CVE Received by [email protected]
Apr. 01, 2026
Action Type Old Value New Value Added Description Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) Added CWE CWE-416 Added Reference https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_31.html Added Reference https://issues.chromium.org/issues/491518608